IBM1241EDCC963CA8BC40056BDDCD66289C100B50466C17C8A17946CAFBC280E7CDSecurity Bulletin: IBM Maximo Application Suite - AI Broker component usesscikit_learn-1.3.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-5206
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
Summary
Security Bulletin: IBM Maximo Application Suite - AI Broker component usesscikit_learn-1.3.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-5206. This bulletin contains information regarding the vulnerability and its fixture.
Vulnerability Details
CVEID:CVE-2024-5206
**DESCRIPTION:**scikit-learn could allow a remote authenticated attacker to obtain sensitive information, caused by an unexpected storage of all tokens present in the training data within the stop_words_ attribute. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain passwords or keys information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294397 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Maximo Application Suite - AI Broker | 1.0.0 |
Remediation/Fixes
Affected Product(s)|
Fix Pack
Version(s)
—|—
IBM Maximo Application Suite - AI Broker| 1.0.1
Workarounds and Mitigations
None
Affected configurations
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High